Python: Upload a package to Azure using SAS URI

0
votes

I am using the Microsoft's Hardware dashboard API to automate the submission of my (.CAB) package for signing. I have followed the steps in this documentation: https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/create-a-new-submission-for-a-product

The response of new submission contains the SAS(Shared Access Signature) URI like this: (changed the sig and accnt_name for security)

'''https://accnt_name.blob.core.windows.net/scsjc/cexxxxxxxxxx?sv=2017-04-17&sr=b&sig=xxxxxxxxxxxxxx&se=2019-07-10T18:15:58Z&sp=rwl&rscd=attachment%3B filename%3Dinitial_xxxxxxxx.cab'''

I need to use this SAS URI to upload by package to azure blob storage. The examples in documentation shows C# or .NET as follows: 

string sasUrl = 
"https://productingestionbin1.blob.core.windows.net/ingestion/26920f66- 
 b592-4439-9a9d-fb0f014902ec?sv=2014-02-
 14&sr=b&sig=usAN0kNFNnYE2tGQBI%2BARQWejX1Guiz7hdFtRhyK%2Bog%3D&se=2016- 
 06-17T20:45:51Z&sp=rwl";
 Microsoft.WindowsAzure.Storage.Blob.CloudBlockBlob blockBob =
 new Microsoft.WindowsAzure.Storage.Blob.CloudBlockBlob(new 
 System.Uri(sasUrl));
 await blockBob.UploadFromStreamAsync(stream);

I want to use the SAS URI obtained from submission resource JSON Response to upload the package.

This link Download file from AZURE BLOB CONTAINER using SAS URI in PYTHON suggests that there is no equivalent method in python and BlockBlobService can be used.

from azure.storage.blob import BlockBlobService

 blobservice = BlockBlobService("storage_account",sas_token="?sv=2018-03- 
 28&ss=bfqt&srt=sco&sp=rwdlacup&se=2019-04-24T10:01:58Z&st=2019-04- 
 23T02:01:58Z&spr=https&sig=xxxxxxxxx")

 blobservice.create_blob_from_path(container_name, local_file_name, 
 full_path_to_file)

However I am not sure of what is storage_account name and container name from the SAS URI obtained from submission resource.

Also I have created a separate azure storage account and added a new container, blob in it. I have tried passing the new container and storage account name with SAS access token from SAS URI (obtained from submission JSON response micorsoft hardware api) but always get below ERROR

''' AzureHttpError: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. ErrorCode: AuthenticationFailed AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:5463b7d2-901e-0068-6994-36782e000000 Time:2019-07-09T20:23:04.5760736ZSignature did not match. String to sign used was rwl

2019-07-10T18:15:58Z /blob/evcertautomation/ev2/initial_1152921504628106590.cab

2017-04-17

attachment; filename=initial_1152921504628106563.cab ''' Thanks in advance

2
python-3.xrestazure-storage-blobs
From the SAS URI you provide: 'accnt_name.blob.core.windows.net/scsjc/…, the storage_account name is accnt_name, the container name is scsjc.Ivan Yang

2 Answers

1
votes

If you have a blob SAS URI as you post below, you can easily upload a file to the blob in Python with requests.

https://accnt_name.blob.core.windows.net/scsjc/cexxxxxxxxxx?sv=2017-04-17&sr=b&sig=xxxxxxxxxxxxxx&se=2019-07-10T18:15:58Z&sp=rwl&rscd=attachment%3B filename%3Dinitial_xxxxxxxx.cab

First, you must have to inspect the values of parameters se and sp. The se parameter means the expire time of the blob SAS URI, and the sp parameter means the operation permisson of the blob SAS URL like w for Blob Write Permission

So for your blob SAS URL above, you have the blob write permission to upload a file to this blob before the time 2019-07-10T18:15:58Z.

Here is my sample code for uploading via a blob sas uri.

import requests

blob_sas_uri = '<your blob sas uri which must includes `sp=w` and do the write operation before `se`>'

local_file_name = '<your local file name>'

headers = {
    'x-ms-blob-type': 'BlockBlob'
}

data = open(local_file_name).read()

r = requests.put(blob_sas_uri, headers=headers, data=data)
print(r.status_code)

If you see the result is 201, it works fine and succeed for uploading.

As reference, there is a similar offical sample Example: Upload a Blob using a Container’s Shared Access Signature which using a wide container permission.

0
votes

As per the SAS URI you provided: '''https://accnt_name.blob.core.windows.net/scsjc/cexxxxxxxxxx?sv=2017-04-17&sr=b&sig=xxxxxxxxxxxxxx&se=2019-07-10T18:15:58Z&sp=rwl&rscd=attachment%3B filename%3Dinitial_xxxxxxxx.cab'''

The account name should be accnt_name, the container should be scsjc.

So your code should look like below:

 from azure.storage.blob import BlockBlobService

storage_account ="accnt_name"
token="?sv=2018-03- 
 28&ss=bfqt&srt=sco&sp=rwdlacup&se=2019-04-24T10:01:58Z&st=2019-04- 
 23T02:01:58Z&spr=https&sig=xxxxxxxxx"

container="scsjc"

 blobservice = BlockBlobService(storage_account,sas_token=token)

 blobservice.create_blob_from_path(container, local_file_name, 
 full_path_to_file)